<?php
	error_reporting(0);
	define('IN_SITE', true);
	include ("common.php");
	include "header.php";
	
	$ses_pro = isset($_SESSION["ses_pro"]) ? $_SESSION["ses_pro"] : '' ;
	$ses_pros= isset($_SESSION["ses_pros"]) ? $_SESSION["ses_pros"] : '' ;

	$base_url			= 'userLog.php?';
	$template_body_page = 'template/login.tpl';
	$template_lost_st1 	= 'template/loss_step1.tpl';
	$template_lost_st2 	= 'template/loss_step2.tpl';
	$template_lost_st3 	= 'template/loss_step3.tpl';
	
	$url = $_SERVER['PHP_SELF']."?". $_SERVER['QUERY_STRING'] ;
	$url = substr($url,strpos($url,".php"),strlen($url));
	$url = explode("/",$url);
	$mode= isset($url[2]) ? $url[2] : '' ;
	
	$ses_login = isset($_SESSION['ses_login'])? $_SESSION['ses_login'] : '' ;
	
	switch ($mode){
		case "lost":
			loss_step1();
			break;
		case "do_lost_s1":
			do_loss_step1();
			break;
		case "do_lost_s2":
			do_loss_step2();
			break;			
		case "signin":
			do_signin();
			break;
		case "signout":
			do_signout();
			break;
		default:
			show_signin_form();
	}
	
function loss_step1($msg=''){
	global $template,$template_lost_st1,$site_base_href;
	 
	$template->assign_vars(array(
		'l_mess'		=> $msg	? $msg : "Forgotten your password? No problem. First, please enter your Member ID.",
		'url'		=> $site_base_href,		
		'l_action'	=>$site_base_href.'/userLog.php?/log/do_lost_s1'
	));
	
	$template->set_filenames(array("body"	=> $template_lost_st1));
	$template->pparse('body');
}
function loss_step2($msg='',$id=''){
	global $template,$template_lost_st2,$site_base_href;
	if(empty($id)){
	 	loss_step1();
	 } 
	$template->assign_vars(array(
		'l_mess'		=> $msg,
		'url'		=> $site_base_href,		
		'l_action'		=> $site_base_href.'/userLog.php?/log/do_lost_s2',
		'mID' =>$id
	));
	
	$template->set_filenames(array("body"	=> $template_lost_st2));
	$template->pparse('body');
}
function loss_step3(){
	global $template, $base_url, $template_lost_st3,$site_base_href;
		  
	$template->assign_vars(array('url' => $site_base_href,));

	$template->set_filenames(array("body"	=> $template_lost_st3));
	$template->pparse('body');
}
function do_loss_step1(){
	global $db;
	$usernname = isset($_POST["usernname"]) ? htmlspecialchars($_POST["usernname"]) : '';
	
	if(empty($usernname)){
		loss_step1("Please fill in your member id.");
		return;
	}
	$sql="select memID from vb_member where mLogin='$usernname'";
	if ( !$result = $db->sql_query($sql) ) {
		  loss_step1("Couldn't run the sql query!");
	}
	$mss="Enter the email address that you registered previously, and we will send you the password.";
	if ( $db->sql_numrows($result) ){		
		loss_step2($mss,$usernname);
	}else{
	  loss_step1("This Member ID does not exist. ");	
	}
}
function do_loss_step2(){
	global $db;
	$username = isset($_POST["usernname"]) ? htmlspecialchars($_POST["usernname"]) : '';
	$id = isset($_POST["hdid"]) ? htmlspecialchars($_POST["hdid"]) : '';
	
	if(empty($username)){
		loss_step2("Please fill in your email address.",$id);
		return;
	}
	$sql="select mPassword from vb_member where mLogin='$id' and mEmail='$username'";
	if ( !$result = $db->sql_query($sql) ) {
		  loss_step1("Couldn't run the sql query!");
	}
	

	if ( $db->sql_numrows($result) ){		
		$sql_data = $db->sql_fetchrow($result);
		require_once("class/email.php");		
		$mail= new email();
		$userpassword=decrypt($sql_data["mPassword"]);
		 $filecontent='Dear Member,<br>
					Welcome to the YellowPages.vn!<br><br>
					
					Use your Member ID and Password for services on YellowPages.vn.<br>
					Member ID: '.$id.'<br>
					Password: '.$userpassword.'<br><br>
					
					Kind regards<br>
					www.yellowpages.vn Team<br>';
		 
		$mail->to =$username;
		$mail->toname =$username;
		$mail->fromname ="YellowPages";
		$mail->from = "support@yellowpages.vn";
		$mail->enable_html = true;				
		$mail->subject = "Your Password";
		$mail->body = $filecontent;					
		$mail->send();		
		loss_step3();
	}else{
	  loss_step2("Sorry, your email address is invalid. Please try again",$id);	
	}
}
function do_signin(){	
	global $db,$site_base_href,$ids;
	 
	$usernname = isset($_POST["usernname"]) ? htmlspecialchars($_POST["usernname"]) : '';
	$userpassword = isset($_POST["userpassword"]) ? htmlspecialchars($_POST["userpassword"]) : '';	
	$usernname = ereg_replace("'"," ",$usernname);
	$userpassword = ereg_replace("'"," ",$userpassword);

	
	if(empty($usernname) || empty($userpassword)){
		show_signin_form("Unvalid username or password! try again please!");
		return ;
	}
	$sql="select * from vb_member where mLogin  = '".$usernname."'";
  
	if ( !$result = $db->sql_query($sql) ) {
		show_signin_form(" Couldn't run the sql query!");
	}
	
	if ( $db->sql_numrows($result) ){
		$sql_data = $db->sql_fetchrow($result);
		
		if($userpassword==decrypt($sql_data["mPassword"])){
			$sql="select FirstName,LastName,FirstName_vn,LastName_vn,FirstName_cn,LastName_cn from vb_memberprofile where memID=".$sql_data["memID"];
			if ( !$result = $db->sql_query($sql) ) {
				  show_signin_form("Couldn't run the sql query!!");
			}
			$user_data = $db->sql_fetchrow($result);

			$ses_login['s_user']	= $sql_data["memID"];
			$ses_login['s_name']	= $user_data['FirstName']." ". $user_data['LastName'];
			$ses_login['s_name_vn']	= $user_data['LastName_vn']  ." ". $user_data['FirstName_vn'] ;
			$ses_login['s_name_cn']	= $user_data['LastName_cn']  ." ". $user_data['FirstName_cn'] ;
			$ses_login['s_id']		= $sql_data["mLogin"];		 
			$ses_login['s_level']	= $sql_data['memLevel'];
			$ses_login['mailactive']= $sql_data["emailActive"];
			
			$_SESSION['ses_login']=$ses_login ;	
				
			redirect($site_base_href."/user/index.php?act=contact&mn=1&ids=".$ids."&lang=us");	
			exit() ;
		}
	}	
	$msg = "<font face='verdana' size=2 color=red>Unvalid username or password! try again please!</font>" ;
	show_signin_form($msg);
	return;
	
}		
function show_signin_form($msg = ""){
	global $template, $base_url, $template_body_page,$site_base_href,$ids;
	
	$ids = session_id() ;
	$id_random = '' ;	
	for($j=0;$j<5;$j++){
	 	$id_random .= chr(rand(65,90));
	}
	$template->assign_vars(array(
		'l_mess'	=> $msg,			
		'lostUrl'	=> $site_base_href."/userLog.php?ids=".$ids."&lang=us&/log/lost",			
		'url'		=> $site_base_href,		
		'getImage' 	=> $site_base_href.'/',
		'hdranima' 	=> $id_random,
		'ranima' 	=> base64_encode(base64_encode($id_random)),
		'join'		=> $site_base_href."/user.php?ids=".$ids."&lang=us",		
		's_action'  =>$site_base_href."/userLog.php?mn=4&ids=".$ids."&lang=us&/log/signin"
	));
	
	$template->set_filenames(array("body"	=> $template_body_page));
	$template->pparse('body');
}
function do_signout(){
	global $db, $site_option,$template,$site_base_href;	 
	
	$base_url='index.php';
	$_SESSION['ses_login']	= '';
	session_unregister("ses_login");
 
   	$sql="select * from vb_category where cat_Level=1 and cat_active=1 and catCount>0 order by cat_Name";	
   	if(!$result=$db->sql_query($sql)){
		message_die("Couldn't run the sql query!!!", "", __LINE__, __FILE__, $sql);
	}
	
	$cat_count=$db->sql_numrows($result);
	$cat_data=$db->sql_fetchrowset($result);
	
	$numrow= ceil($cat_count/4);
	$i=0;
	while($i<$cat_count){
		 $template->assign_block_vars("catrow", array());
			for($j=0;$j<$numrow;$j++){
				if($i<$cat_count){				
				$proc=!empty($cat_data[$i]["catCount"]) ? " (".$cat_data[$i]["catCount"].")" : '';
				$template->assign_block_vars("catrow.catcol", array(			
					'catLabel'	=> $cat_data[$i]["cat_Name"].$proc,
					'catID'	=>	$site_base_href."/".$base_url.'?ids='.session_id().'&lang=us&/catalogs/'.$cat_data[$i]["catID"].'/'. ereg_replace(" ","_",$cat_data[$i]["cat_Name"]) .'.html',			 
					));
				}		
    			$i++;
				}
				
    }
	 $template->assign_vars(array(
	 	'url' =>$site_base_href."/index.php?ids=".session_id()."&lang=us" 
		));
	 
	$template->set_filenames(array(
		"body"	=> "template/signOut.tpl"
	));
	$template->pparse('body');
}
	include "bottom3-5.php";
	$db->sql_close();
?>
